SMTP Security "Prevent sender address spoofing..."

Discussion forum for Enterprise Edition.
ECS-Enders
Posts: 24
Joined: Fri Jan 13, 2006 2:30 pm
Location: Germany

Re: SMTP Security "Prevent sender address spoofing..."

Post by ECS-Enders »

Hi there!

Meanwhile, use a second SMTP instance (= server) with different settings; this is what we did. We use MailEnable Standard for webserver SMTP on virtual Windows servers and MailEnable Enterprise Premium for IMAP/POP3 on a high-end cluster for end users. This also has the advantage that you don't waste your queue with PHP spam etc. ;-)

Bye,
Ingo

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Re: SMTP Security "Prevent sender address spoofing..."

Post by isaak »

MailEnable wrote: I have requested that the change be made to the MMC to accommodate the setting - in which case it will be released in V5.02 along with the other updates.

Has this been addressed and "fixed" in V5.02?
It doesn't look like it has. :roll:

nowhere
Posts: 29
Joined: Mon Aug 09, 2010 7:34 pm

Re: SMTP Security "Prevent sender address spoofing..."

Post by nowhere »

I have tested it and for now it works, but you have to edit the registry.
For details, look at this posting:
http://forum.mailenable.com/posting.php ... 69#pr76028

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Re: SMTP Security "Prevent sender address spoofing..."

Post by isaak »

Thank you "nowhere" for the info.

But what I meant is that they said they would make the MMC understand the value of 2 in ME v5.02.

MailEnable wrote: If you change the setting to a value of 2, and then access the configuration page in the MMC and then save, it will revert the setting to 1 or 0, because it does not yet understand the setting value.
I have requested that the change be made to the MMC to accommodate the setting - in which case it will be released in V5.02 along with the other updates.

I have updated to that version and the SMTP connector still doesn't understand the setting value.
So they missed this important update (without us needing to enter the registry).

What makes me a little bit upset is that now we have to pay for Annual Upgrade Protection, and the updates we are requesting, which they said they would make, they didn't do. Paying for a job that is not being done.

Not to mention the other 5 threads I have posted in and not yet received an answer:
http://forum.mailenable.com/viewtopic.php?f=7&t=21328
http://forum.mailenable.com/viewtopic.php?f=7&t=21468
http://forum.mailenable.com/viewtopic.php?f=7&t=21516
http://forum.mailenable.com/viewtopic.php?f=7&t=21502
http://forum.mailenable.com/viewtopic.php?f=7&t=21464

Annual Upgrade Protection should cover only major version upgrades and not corrections or fixes of a product with flaws. The corrections should be provided FREE for everyone.

Regards,

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: SMTP Security "Prevent sender address spoofing..."

Post by MailEnable »

Version 5 included a TOTALLY new webmail client and webAdmin client (along with some other additions/minor improvements). That is a significant extension to the product - surely enough to constitute a product upgrade. The intention of AUP is to reduce the release cycle so that additional functionality becomes available more readily.

With respect to the Address Spoofing change - The problem here is that the change does exist in services, but the release of the Management Console could not be made before the release. The registry driven change has been available in the product in version 4. The MMC change was never absolutely promised for the 5.02 release; since it was already in its test phase it could not be included in the MMC. I just posted a workaround on the forum in an attempt to provide some relief.

Also, I would point out that the best way to raise issues that require change is not in the forum [particularly if your request is solely directed at a response/action from MailEnable]. There is a system for doing that and this feeds the development/change register, e.g. https://www.mailenablecorp.com/support/step1.asp and http://www.mailenable.com/suggest/suggestion.asp

The problem is that the forum is not equipped to track changes and progress, and that is why these requests get lost or are not handled.
Regards, Andrew

nowhere
Posts: 29
Joined: Mon Aug 09, 2010 7:34 pm

Re: SMTP Security "Prevent sender address spoofing..."

Post by nowhere »

Hello MailEnable!

The Suggestion page is a good thing.
But I would like to see a list of suggestions that other users have made in the past.
The advantage of posting suggestions on the forum is that other users are able to comment on them.
Posting a suggestion to the suggestion page is like posting something into a "black hole": no feedback, no status information, nothing ....

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: SMTP Security "Prevent sender address spoofing..."

Post by MailEnable »

I agree with respect to suggestions - and collaborative discussion is great. We are indeed looking to provide reporting and voting on features to prioritize releases and development. I was in a meeting on Friday where this was discussed.
Regards, Andrew

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Re: SMTP Security "Prevent sender address spoofing..." [SOLVED]

Post by isaak »

THANK YOU!
We are happy to have this option available since v5.03!

Appreciate very much your hard work. 8)

apitsos
Posts: 12
Joined: Sat Jul 02, 2016 5:30 pm
Location: Athens, Greece

Re: SMTP Security "Prevent sender address spoofing..."

Post by apitsos »

MailEnable wrote: Having looked at the code of the connector, it seems that there is a provision to change the behaviour.

If you change this key to a value of 2, then it should bypass local IP Addresses:

Root: HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Connectors\SMTP
Name: Local Senders Must Authenticate
Type: DWORD
Value: 0 = Off, 1 = On, 2 = On, but bypass local IP addresses

The MMC does not have the ability to specify a value of 2 though - so you will need to edit the registry.
You will need to restart the SMTP connector for the setting to take effect.

Note: If you change the setting to a value of 2, and then access the configuration page in the MMC and then save, it will revert the setting to 1 or 0, because it does not yet understand the setting value.
I have requested that the change be made to the MMC to accommodate the setting - in which case it will be released in V5.02 along with the other updates.

Hi there!

This seems not to be working anymore (v. 9.75). First of all this is now located under "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Connectors\SMTP". As soon as I change the value of the DWORD key into "2" I see that the setting "Address spoofing" under the SMTP settings (Security tab) is changed into "Authorized connections can spoof sender addresses". This is something you can see also on the attached screenshot.

The problem with this is that it ignores the Privileged IPs set under the "Relay" tab (button "Privileged IPs..."). So after sending an email without authentication it continues giving the error:
551 This mail server requires authentication before sending mail from a locally hosted domain. Please reconfigure your mail client to authenticate before sending mail.

Also this procedure is mentioned here: http://www.mailenable.com/kb/content/ar ... D=ME020032

If you scroll down until the title "551 This mail server requires authentication before sending mail from a locally hosted domain. Please reconfigure your mail client to authenticate before sending mail." you will see that it says:
This can be resolved by one of the following:
Allowing Authorised connections (privileged IP relay list) to spoof sender addresses:
  • Navigate within the administration console to: servers > localhost > Connectors > SMTP
  • Right click on SMTP and select "properties".
  • Navigate to the "Relay" tab and select the option "Allow relay for privileged IP ranges"
  • Click on the button "Privileged IPs..."
  • Tick the option for "Denied relay rights" and click the "Add" button to add the IP address of the server/client machine
  • Click Close and then Apply.
  • Next navigate to the "Security" tab and click on the "Address Spoofing" button.
  • Select the option for "Authorized connections can spoof sender addresses".
But this is not working...

My main problem is that I can't correctly set up phplist (version 3.3.1) to send emails with authentication. I have tried everything, but I always get the above error. If someone has a workaround, I would appreciate it if you shared it with me.
Attachments
MailEnable-Console-SMTP-Settings-Security-Address-spoofing_2018-01-16.jpg (216.08 KiB) Viewed 11687 times
Anything can be achieved!

apitsos
Posts: 12
Joined: Sat Jul 02, 2016 5:30 pm
Location: Athens, Greece

Re: SMTP Security "Prevent sender address spoofing..."

Post by apitsos »

After several months of problems and failed attempts to connect phplist properly with MailEnable and to send through SMTP with authentication, I found the solution! The problem was in phplist's PHPMailer, which was missing a command!

So the problem was solved as follows. I just had to add the following command in the file sendemaillib.php:

    $mail->AuthType = 'LOGIN';

The file sendemaillib.php is located in the /admin directory. The line was added before the following:

    if ($isTestMail) {
        $mail->SMTPDebug = PHPMAILER_SMTP_DEBUG;
        $mail->Debugoutput = 'html';
    }

That is at about line 813 in phplist version 3.3.1.

I hope this will help people solve the same problem. It took me about a year to find the solution.
Anything can be achieved!
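
An added example, not part of any post in this thread: a small Python analyzer for an SMTP session, showing what forcing `AuthType = 'LOGIN'` produces on the wire and whether `MAIL FROM` was sent before a successful AUTH, the precondition for the 551 quoted above when the sender domain is hosted locally. The session, host names and credentials are constructed, and `analyze` is a hypothetical helper name.

```python
import base64
import re

# Constructed sample session (not a capture): "S" = server line, "C" = client line.
SAMPLE = [
    ("S", "220 mail.example.test ESMTP"),
    ("C", "EHLO web.example.test"),
    ("S", "250-mail.example.test"),
    ("S", "250-AUTH CRAM-MD5 LOGIN"),
    ("S", "250 SIZE 10240000"),
    ("C", "AUTH LOGIN"),
    ("S", "334 VXNlcm5hbWU6"),
    ("C", base64.b64encode(b"list@example.test").decode()),
    ("S", "334 UGFzc3dvcmQ6"),
    ("C", base64.b64encode(b"constructed-secret").decode()),
    ("S", "235 Authenticated"),
    ("C", "MAIL FROM:<list@example.test>"),
    ("S", "250 Requested mail action okay, completed"),
]


def analyze(session):
    """Summarise the AUTH state of an SMTP session given as (side, line) pairs."""
    info = {"advertised": [], "mechanism": None, "prompts": [], "tls": False,
            "authenticated": False, "mail_from_before_auth": False,
            "credentials_only_base64": False}
    for side, line in session:
        verb = line.upper()
        if side == "S":
            offer = re.match(r"250[- ]AUTH[ =](.+)", line, re.I)
            if offer:  # mechanisms the server offers in its EHLO reply
                info["advertised"] = offer.group(1).upper().split()
            elif line.startswith("334 ") and info["mechanism"] == "LOGIN":
                # LOGIN prompts are plain base64 text ("Username:", "Password:")
                info["prompts"].append(base64.b64decode(line[4:]).decode())
            elif line.startswith("235"):  # 235 = authentication succeeded
                info["authenticated"] = True
        elif verb == "STARTTLS":
            info["tls"] = True
        elif verb.startswith("AUTH "):
            info["mechanism"] = verb.split()[1]
            # LOGIN and PLAIN send the password base64-encoded, not encrypted,
            # so without TLS it is readable on the wire (implicit TLS not modelled).
            info["credentials_only_base64"] = (
                info["mechanism"] in ("LOGIN", "PLAIN") and not info["tls"])
        elif verb.startswith("MAIL FROM:") and not info["authenticated"]:
            info["mail_from_before_auth"] = True  # sender given without prior AUTH
    return info
```

In the constructed session `credentials_only_base64` comes out true because no STARTTLS precedes the AUTH command; a session that negotiates TLS first clears that flag.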
